We had a great a line up of speakers and talks for the 2019 conference as you will see below
The 2020 speakers will be announced in the coming months
MEET LEADING EXPERTS
Dr Andrew Jones, System Architect, Arm
Presentation: Cybersecurity for Automotive IoT Systems on Chip
The rise of embedded connectivity in cars is due to a huge diversity of opportunities for new features and business models ranging over advanced driver assistance, remote car feature enablement, predictive maintenance, to new ownership models and support for flexible road pricing. These opportunities bring with them a number of threats. This talk gives an overview of those threats and discusses the architectural countermeasures we can deploy on silicon to mitigate them.
Dr Andrew Jones is the Arm architect focused on future systems design of IoT and embedded automotive systems. Andrew is a veteran system architect having previously worked at the University of Bristol, and several microelectronics companies in the UK and US. He has managed the specification of dozens of successful chips and is the holder of over 50 patents. Andrew Jones is the author of a book on network design and of a number of publications focused on system on chip architectures.
Dave Walker, Solutions Architect, Amazon Web Services
Presentation: Architecture Updates for AWS IoT Security
Since the launch of the security-focussed AWS IoT Device Defender service last year, there's been futher services and feature releases in the AWS IoT service family. We explore how these services fit together in some reference archiectures, and how they integrate with other AWS services for the purpose of enhancing security.
Dave is a recognised expert in IT security, networking and compliance design, consultancy, review, implementation. Multi-level and cross-domain security, especially label-based, is a particular speciality.
Occasional creator of novel approaches to security issues; Cloud, hypervisors, Trusted Computing, Adversity Modelling and privacy number among areas of interest.
Experienced speaker / presenter on security topics.
Specialties: Multi-level, cross-domain, label-based security, compliance consultancy, audit design.
Tony Gee, Associate Partner, Pen Test Partners
Presentation: Systemic fraud in IoT: the fraud no one knows about
Systemic issues in IoT are becoming more and more prevalent, with millions of devices compromised by poor security on the API, but there is a more sinister abuse of this attack as yet unknown. This talk will discuss this attack and the ways an attacker can abuse the flaw for massive systemic fraud. We will also discuss the current mitigations in place and other mitigations organisations and individuals can put in place. This talk will be an eye opener to a brand new type of abuse of IoT!
Tony has over 15 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor.
Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.
Ivan Reedman, Hardware Security Capability Practice Lead, NCC Group
Presentation: IoT. Engineer securely, don’t add security
All too often vendors offer products and solutions to secure your IoT device. Unfortunately, in reality there is no silver bullet. For an IoT device to be secure, it must be engineered securely. This talk will cover some basic principles of secure engineering using publically available references and models whilst also explain why and how to implement these principles.
With more a 30 years in research and development, and in excess of 8 years in offensive hardware tool development, Ivan Reedman (aka ToyM4ker) brings with him deep hardware design and development experience, from switching power supplies through to complex embedded systems.
Keen to share his knowledge, Ivan provides hardware capability development thought leadership and innovation for his team and works with clients in assessment, design consultancy and training capacities with respect to hardware security.
Having discovered a number of silicon level vulnerabilities present in millions of IoT products from large Silicon Valley vendors, developed a working proof of concept generic IoT platform to demonstrate the design flaw and presented this material at a number of security conferences, Ivan works to find un-patchable hardware vulnerabilities in order to help convey the importance of secure by design applying to hardware as well as all other aspects of the design life cycle.
Richard Marshall, IoT Security Foundation Plenary Chair and CEO at Xitex
Presentation: Standards and regulations are coming - ensuring your product is compliant
Momentum is gathering in the standards and regulatory requirements for IoT security, will your IoT service be compliant? In his presentation Richard provides an update on some of the significant progress being made in the standards arena and regulatory direction for IoT security. He then goes on to show what help and assistance is available to companies to ensure that their IoT products and services are prepared for such compliance requirements.
Richard is Managing Consultant at Xitex Limited, with more than 30 years experience in a variety of senior lead product and engineering roles in the wireless and consumer electronics sectors, having worked for Lucent Technologies, Sony, Cisco and also being a founding lead team member at startups Ubiquisys and nSine. At Ubiquisys and subsequently Cisco, after its acquisition of Ubiquisys in 2013, Richard was the Product Manager for their global cloud based secure activation system for 3G/4G small cells. This role being the security advocate, technology champion and secure manufacturing supply chain architect for the small cells manufactured in Europe and SE Asia.
As Chair of the Internet of Things Security Foundation Plenary Group, Richard leads the implementation of IoTSF’s strategy. The Foundation’s objective is to drive the pervasiveness of IoT security, improving its fitness and end-to-end quality. The Plenary Group is an important piece of the delivery plan as it is the central members’ forum where concerns are identified and active working groups determine the corresponding measures to address the challenges. Typical outputs from the working groups are best practice guidelines which satisfy the simple requirements of being useful, accessible and crucially, actionable.
Ian Banham, Technical Specialist, Microsoft
Presentation: Azure IoT and Security Centre. Using AI to help secure your IoT Deployment
Ian will give an overview of the new Azure Security Centre capability for IoT and how this uses AI and the lessons learnt from previous security attacks to help secure your IoT Deployment and flag weaknesses and potential threats to it.
Ian is part of the Microsoft Global Black Belt Organisation, his role is that of a technical specialist focussed on Azure IoT Services. He has been in this role with Microsoft for three years and prior to this was European Subject Matter for ThingWorx. Part of Ian’s current role is to lead the EMEA IoT Security Team within the Black Belt Organisation. The aim of this team is to gather best practices and learnings to help future projects securely deploy devices in a more timely manner.
Sven Strassburg, Architect Lead for IBM Watson IoT Europe, IBM
Presentation: Considerations around IoT device connectivity
Sven will explore the security considerations that are needed when connecting IoT enabled devices to on-premise or cloud-based infrastructure in an industrial context.
Sven Strassburg is the European IBM Watson IoT Architect Lead. He has a production and software engineering background. For the last 19 years he been involved in on all aspects of IT Service Management, process automation, system integration and IoT focused engagements. Starting 7 years ago he became increasingly involved in connecting the physical world to the digital world, which is now his full time focus within the Watson IoT division of IBM.
Mark Neve, IoT Security Foundation Ambassador and Technical Lead at Copper Horse
Presentation: Vulnerability Disclosure in IoT: Why it’s good to be prepared!
Mark will take you through IoTSF best practice on creating a disclosure policy along with case studies of good and bad incident handling and interactions with security researchers. We’ll also be taking a looking at bug bounties and the exploit market. Finally covering research work commissioned by the IoTSF in 2018 to understand the use of vulnerability disclosure in consumer IoT Products.
Mark has extensive software experience from embedded development for IoT through to commercial software and test automation for millions of mobile phones. He has been involved in research projects for automotive, IoT, security and smart cities.
Mark has 15 years’ experience working in the mobile manufacturing environment for Vertu and Panasonic Mobile. Mark has delivered practical hacking training on behalf of the IoT Security Foundation and also to students at the University of Oxford and York St John University and has contributed to several white papers on Automotive and IoT security.
Marcus Streets, Principal Security Architect, Arm
Presentation: The PSA Security Model: Important Security Goals and How They Impact Security
The Platform Security Architecture (PSA) offers a framework for securing connected devices. It provides a step-by-step guide to building in the right level of device security, reducing risk around data reliability, and allowing businesses to innovate on new ideas to reap the benefits of digital transformation.
Marcus Streets has over twenty years’ experience in security with nCipher later Thales, Good Technology later Blackberry, the Linux Foundation and Arm.
He is currently a Principal Security Architect working on Platform Security Architecture APIs and certification in Arm’s Architecture and Technology Group.
Paul Tobin, Senior New Business Sales Manager, Microsoft
Presentation: Azure Sphere
The talk will focus on how Azure Sphere can enable secure end point connections to the Cloud to deliver positive business outcomes. The talk will address the 9 billion MCU-powered devices in our everyday lives and the opportunities that connecting these devices represents for consumers, customers and partners alike.
Paul Tobin, Senior New Business Sales Manager at Microsoft has worked across retail, commercial and the public sector over almost 13 years at Microsoft. Paul has spent much of his time focussed on compete projects and leading cross-company teams, partners and customers in driving incubation businesses from inception through to scale. Paul works within the Microsoft device sales team partnering with the IoT team to combine the intelligent edge with the intelligent cloud.
Mark Pitchford, Technical Specialist, LDRA Software Technology
Presentation: Cybersecurity clouds over the bright future of smart grids
Cybersecurity represents a dark cloud overshadowing the “smart grid” modernization of the existing electrical grid system that enhances customers' and utilities' ability to monitor, control, and predict energy use. The need for a secure enterprise-level architecture in defending against potentially devastating blackouts is widely acknowledged, but the role played by securely coded devices is easier to ignore and yet vitally important.
This presentation will discuss that as part of a defence-in-depth security strategy, monitoring smart devices deserve particular attention because they access data that is critical to smart grid operation. It will suggest that many of the most appropriate quality assurance techniques for secure coding are well proven in the field of functional safety. And it will advocate that the structured development approach promoted by IEC 61508 provides an ideal framework for the proactive development of a secure application.
Mark Pitchford has over 30 years’ experience in software development for engineering applications. He has worked on many significant industrial and commercial projects in development and management, both in the UK and internationally. Since 2001, he has worked with development teams looking to achieve compliant software development in safety and security critical environments, working with standards such as DO-178, IEC 61508, ISO 26262, IIRA and RAMI 4.0
Mark is a graduate of Nottingham Trent University, and he became a Chartered Engineer over 30 years ago. He now works as Technical Specialist with LDRA Software Technology.
Paul Philips, Principal Embedded Solutions Engineer, Microchip Technology
Presentation: Leveraging a secure element to build scalable, secure IoT systems
To create a secure IoT system it is now accepted that a secure element is an accepted means to add a trust anchor to a secure embedded IoT device.
But how do you ensure that your secure element itself can be trusted and:
- procure these in small volumes for development and test builds,
- create a secure, trusted manufacturing capability,
- scale this to multiple manufacturing locations whilst ensuring trust is maintained.
In this session Paul will discuss how Microchip’s Trust Platform enables various methods to scale to your needs.
Paul is a Principal Embedded Solutions Engineer within the Security Products Group at Microchip Technology Inc. Drawing on his many years of experience in building management systems Paul is able to guide clients on how to get IoT, networking and Security designed correctly to meet the rigours of a connected world.
Paul is a highly respected industry professional and holds multiple qualifications incl. CSSLP, CEH, CHFI and MCP.
Rob Dobson, Director, Device Authority
Presentation: IoT Security for Industrial and Smart Factory use cases
The presentation will take the audience through what some of the challenges are for securing industrial and Smart Factory deployments. Looking at several case study scenarios where customers have specific requirements around data security, privacy and how they can meet the Operation Technology (OT) needs for their businesses.
Rob has over 25 years of experience in industry, with a wide range of expertise across cybersecurity, IoT, SaaS, Semiconductors and Software engineering. He has been involved in several successful start-ups. Rob helps customers architect and deploy successful IoT solutions with the security they need and is also well known for speaking at various events around the world on IoT Security across many markets, most prominently Industrial & Medical/Healthcare.
Ian Smith, IoT Security Lead, GSMA
Presentation: Leveraging the SIM as a ‘Root of Trust’ to Secure IoT Applications
The GSMA has investigated how to leverage existing mobile operator assets to help secure IoT services - one of these key assets being the SIM. In his presentation, Ian Smith, IoT Security Lead at GSMA, will describe how cellular connected (GSM, LTE, NB-IoT) IoT devices can use the capabilities of the SIM to enhance the security of commonly used IoT security protocols such as Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS).
Ian will also talk about the work the GSMA is undertaking to create a ‘common implementation guide’ for this capability - to the benefit of the IoT developer community.
Ian is a technologist working for the GSMA, which represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 300 companies in the broader mobile ecosystem, and produces industry-leading events such as Mobile World Congress in Barcelona.
Ian is currently leading the GSMA’s IoT Security project which has recently published a comprehensive set of IoT Security Guidelines. Prior to this Ian led the delivery of the GSMA IoT Connection Efficiency Guidelines and the GSMA Embedded SIM Specifications.
Before joining the GSMA, Ian has held senior technical positions within network operators including Hutchison and Orange where he oversaw the design and development of the first commercial 3G handsets and SIM cards.
Ian holds a B.Eng. with joint honours in Electronic Engineering and Computer Science from Aston University, UK.
Alan Hall, CEO, Valbrio
Presentation: How to manage IoT application security vulnerabilities more efficiently
As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. When it comes to IoT application security solutions, the bulk of the responsibility lies with the creator of the application. Yes, users should update their passwords frequently and follow basic security precautions, but the application itself has to be secure, not only from the day of launch, but throughout the lifecycle of the app. This requires several things—an awareness of the top Internet of Things security vulnerabilities, knowledge of the best approaches to take to design a secure IoT app, and how to use tools to manage it all.
Alan is CEO of Valbrio limited and has spent most of his career working with software developers to improve software quality, safety, reliability and security. After an initial career as an academic, Alan moved into technical roles in the commercial sector and ultimately into sales and management roles.
Robin Kennedy, Cyber Security, Knowledge Transfer Network
Presentation: The Digital Security by Design Challenge
Robin will outline one of the latest programmes to be announced under the Industrial Strategy Challenge Fund (ISCF) which, through enhancements to processor architecture and software, aims to make digital systems inherently less vulnerable
Robin Kennedy is Knowledge Transfer Manager for Cyber Security at the Knowledge Transfer Network (KTN).
Douglas Gilmour, Managing Director, Mobius Networks
Presentation: Vectors of attack within Mobile Networks
The Mobile Network was designed for Mobile Phones. Industrial IoT users can’t assume security for one is the same as the other.
Douglas is co-founder and Managing Director of Mobius Networks Limited. He has 30 years of experience in Electronics mainly in GSM, Bluetooth, Wifi and Ultra-wide band and then the Airtime industry. He has also been a Non-Exec for the Telecare Services Association in the health industry and the Management Board of the Real Time Information Group for public transport.
Shahid Rahim, Principal PKI & IoT Solutions Architect, DigiCert
Presentation: PKI Best Practice for IoT
The importance of Digital Certificates in the IoT Security Framework and how to deploy efficiently.
Shahid has over 20 years of experience in IT Security, having started off in development/system integration and then later in consulting and pre-Sales. Originally from Birmingham, UK, and now based in London, Shahid previously worked in the IT Information Security field for many years with Control Data Corporation (CDC) and British Telecom (BT Global Services) in Germany.
Shahid joined DigiCert in 2019 as a Senior Sales Engineer (UK/EMEA) in Pre-Sales Engineering. Shahid has also worked for many start-up companies in the security vendor space covering broad technologies; IDAM, Network Security, IDS/IPS, Cyber-Security, Vulnerability Management, Data Encryption, Reporting/Analytical tools for Centrify, Apani Networks, Foxt, Catbird Networks (Acquired by Cyxtera), and ForgeRock.
Andy Sutherland, Senior Account Executive, Performanta
Presentation: Protecting our Institutions and Building the Cyber Future
Andy Sutherland will be talking about what Performanta is doing to help protect Birmingham City University and adapting their services to suit the unique university environment. He will also discuss how they are using their know how and connections to help promote cyber awareness in students and to help faculties promote good cyber practices in all academic disciplines. This especially applies to Computer Science students who will be the Cyber Warriors of the future.
Andy Sutherland has worked in IT for over 25 years in a wide range of sales roles in companies such as Dell, Compaq and Computacenter. With a wide range of experience selling to global corporates as well as the UK Public Sector, Andy has been involved in all areas of IT delivery from the supercomputers that helped to crack the human genome to networking and now cyber security. After a 7 year spell running his own business in France, Andy has returned to the UK and is now heavily involved in Information Security with global player Performanta. Because of his extensive experience in selling to the UK Higher Education sector, Andy is working with the sector to help to make it a safer cyber space and to promote best practices in the IT departments and faculties.